Journal of Medical Systems

, 37:9924 | Cite as

Realizing Digital Signatures for Medical Imaging and Reporting in a PACS Environment

  • Chung-Yueh Lien
  • Tsung-Lung Yang
  • Chia-Hung Hsiao
  • Tsair KaoEmail author
Original Paper


According to Taiwan’s legislation pertaining to the protection of electronic data, the creators of electronic medical records (EMR) are solely responsible for the security of EMR. However, actual implementations that fulfill the security standards and requirements for electronic medical record systems are still lacking. Most EMR created from picture archive and communication system are not considered secure, as security protection mechanisms have not yet been granted legal status. This paper describes the details of establishing a digital signature system using Taiwan health professional cards. A digital signature system has been included to ensure quality assurance (QA) operations are controlled by technicians, and reporting capabilities have been provided for radiologist. Six imaging modalities and eight types of radiology reports have also been included in the system. Results indicate that the process of creating QA signatures does not have an adverse effect on the workflow of the facility, requiring less time for the signing and verification of radiology reports. This system has already been used routinely online in a real clinical setting for more than 2 years.


DICOM Security Digital signature Clinical document architecture PACS 



The authors would like to acknowledge the technical support and data collecting provided by Mr. Wen-Jen Hsieh, Mr. Wei-Chung Chen and Mr. Yao-Yi Chen. This work was supported by the Department of Health and the National Science Council of Taiwan under Grant NSC 97-2114-E-010-002 and NSC 101-2917-I-564-060.

Conflict of interest

The authors declare that they have no conflict of interest.


  1. 1.
    Yang, C. M., Lin, H. C., Chang, P., and Jian, W. S., Taiwan’s perspective on electronic medical records’ security and privacy protection: Lessons learned from HIPAA. Comput. Methods. Programs Biomed. 82:277–282, 2006.CrossRefGoogle Scholar
  2. 2.
    Health Insurance Portability Accountability Act of 1996 (HIPAA). Available via Centers for Medicare and Medicaid Services. Accessed 17 Oct 2010
  3. 3.
    Code NZTHIP (1994) Rule 5: storage and security of health information.
  4. 4.
    Toyoda, K., Standardization and security for the EMR. Int. J. Med. Inform. 48:57–60, 1998.CrossRefGoogle Scholar
  5. 5.
    Digital Imaging and Communications in Medicine (DICOM) Part 15: Security and System Management Profiles. National Electrical Manufacturers Association.
  6. 6.
    Bos, J. J., Digital signatures and the electronic health records: providing legal and security guarantees. Int. J. Biomed. Comput. 42:157–163, 1996.CrossRefGoogle Scholar
  7. 7.
    Ratib, O., Ligier, Y., Bandon, D., and Valentino, D., Update on digital image management and PACS: Web and PACS: Heralding the new age of imaging in the health care community. Abdom. Imaging 25:333–340, 2000.CrossRefGoogle Scholar
  8. 8.
    Lim, E. Y. S., Data security and protection for medical images. In: Feng, D. D. (Ed.), Biomedical information technology, 1st edition. Elsevier, Burlington, pp. 249–257, 2008.CrossRefGoogle Scholar
  9. 9.
    Hollerbach, A., Brandner, R., Bess, A., Schmücker, R., and Bergh, B., Electronically signed documents in health care - analysis and assessment of data formats and transformation. Methods. Inf. Med. 44:520–527, 2005.Google Scholar
  10. 10.
    van der Haak, M., Wolff, A. C., Brandner, R., Drings, P., Wannenmacher, M., and Wetter, T., Data security and protection in cross-institutional electronic patient records. Int. J. Med. Inform. 70:117–130, 2003.CrossRefGoogle Scholar
  11. 11.
    Schüze, B., Kroll, M., Geisbe, T., and Filler, T. J., Patient data security in the DICOM standard. Eur. J. Radiol. 51:286–289, 2004.CrossRefGoogle Scholar
  12. 12.
    Cao, F., Huang, H. K., and Zhou, X. Q., Medical image security in a HIPAA mandated PACS environment. Comput. Med. Imaging. Graph. 27:185–196, 2003.CrossRefGoogle Scholar
  13. 13.
    Brandner, R., van der Haak, M., Hartmann, M., Haux, R., and Schmücker, P., Electronic signature for medical documents - Integration and evaluation of a public key infrastructure in hospitals. Methods. Inf. Med. 41:321–330, 2002.Google Scholar
  14. 14.
    de Lusignan, S., Chan, T., Theadom, A., and Dhoul, N., The roles of policy and professionalism in the protection of processed clinical data: A literature review. Int. J. Med. Inform. 76:261–268, 2007.CrossRefGoogle Scholar
  15. 15.
    Srivastava, A., Electronic signatures and security issues: An empirical study. Comput. Law. Sec. Rev. 25(5):432–446, 2009.CrossRefGoogle Scholar
  16. 16.
    Kardas, G., and Tunali, E. T., Design and implementation of a smart card based healthcare information system. Comput. Methods. Programs Biomed. 81:66–78, 2006.CrossRefGoogle Scholar
  17. 17.
    Chen, Y. C., Chen, L. K., Tsai, M. D., Chiu, H. C., Chiu, J. S., and Chong, C. F., Fingerprint verification on medical image reporting system. Comput. Methods. Programs Biomed. 89:282–288, 2008.CrossRefGoogle Scholar
  18. 18.
    Wong, S. T., A cryptologic based trust center for medical images. J. Am. Med. Inform. Assoc. 3:410–421, 1996.CrossRefGoogle Scholar
  19. 19.
    Gritzalis, S., Iliadis, J., Gritzalis, D., Spinellis, D., and Katsikas, S., Developing secure web-based medical applications. Med. Inform. Internet Med. 24:75–90, 1999.CrossRefGoogle Scholar
  20. 20.
    Clunie, D. A., DICOM structured reporting. PixelMed, Bangor, 2000.Google Scholar
  21. 21.
    Riesmeier, J., Eichelberg, M., Kleber, K., Grönemeyer, D. H. W., Oosterwijk, H., and Jensch, P., Authentication, integrity and confidentiality in DICOM structured reporting: Concept and implementation. SPIE Med. Imaging 4685:70–278, 2002.Google Scholar
  22. 22.
    Lepanto, L., Impact of electronic signature on radiology report turnaround time. J. Digit Imaging 16:306–309, 2003.CrossRefGoogle Scholar
  23. 23.
    Zhou, Z., and Liu, B. J., HIPAA compliant auditing system for medical images. Comput. Med. Imaging. Graph. 29:235–241, 2005.CrossRefGoogle Scholar
  24. 24.
    Liu, B., Zhou, Z., and Huang, H., A HIPAA-compliant architecture for securing clinical images. J. Digit Imaging 19:172–180, 2006.CrossRefGoogle Scholar
  25. 25.
    Kroll, M., Schütze, B., Geisbe, T., Lipinski, H. G., Grönemeyer, D. H. W., and Filler, T. J., Embedded systems for signing medical images using the DICOM standard. Int. Congr. Ser. 1256:849–854, 2003.CrossRefGoogle Scholar
  26. 26.
    Jin P FPGA and ASIC Implementation of ECC Processor for Security on Medical Embedded System. 3rd Information Technology and Applications, International Conference on, 2005. pp 547–551.Google Scholar
  27. 27.
    Vijay, N. V. K., Sylvanus, A. E., Sergio, C., and Jose, A. R., Security middleware infrastructure for DICOM images in health information systems. J. Digit Imaging 16:356–364, 2003.CrossRefGoogle Scholar
  28. 28.
    Lien, C. Y., Kao, T., Hsiao, C. H., and Keng, C. I., A software-embedded method of security protection applied in indirect imaging in dentistry. J. Med. Biol. Eng. 30:203–207, 2010.CrossRefGoogle Scholar
  29. 29.
    Digital Imaging and Communications in Medicine (DICOM) Supplement 41: Digital Signatures. National Electrical Manufacturers Association.
  30. 30.
    Digital Imaging and Communications in Medicine (DICOM) Supplement 86: Digital Signatures in Structured Reports. National Electrical Manufacturers Association.
  31. 31.
    Lien, C. Y., Hsiao, C. H., Huang, L. C., and Kao, T., Applying a presentation content manifest for signing clinical documents. J. Digit Imaging 23:152–160, 2010.CrossRefGoogle Scholar
  32. 32.
    Kobayashi, L., Furuie, S., and Barreto, P., Providing integrity and authenticity in DICOM images: A novel approach. IEEE Trans. Inf. Technol. Biomed. 13:582–589, 2009.CrossRefGoogle Scholar
  33. 33.
    Kobayashi, L., and Furuie, S., Proposal for DICOM multiframe medical image integrity and authenticity. J. Digit Imaging 22:71–83, 2008.CrossRefGoogle Scholar
  34. 34.
    Bartel M, Boyer J, Fox B, LaMacchia B, Simon E (2001) XML-Signature Syntax and Processing - W3C Proposed Recommendation. . W3C (World Wide Web Consortium).
  35. 35.
    Landrock, P., and Pedersen, T., WYSIWYS? – What you see is what you sign? Inf. Secur. Tech. Rep. 3:55–61, 1998.CrossRefGoogle Scholar
  36. 36.
    Ruotsalainen, P., and Manning, B., A notary archive model for secure preservation and distribution of electrically signed patient documents. Int. J. Med. Inform. 76:449–453, 2007.CrossRefGoogle Scholar
  37. 37.
    Lekkas, D., and Gritzalis, D., Long-term verifiability of the electronic healthcare records’ authenticity. Int. J. Med. Inform. 76:442–448, 2007.CrossRefGoogle Scholar
  38. 38.
    Pharow, P., and Blobel, B., Electronic signatures for long-lasting storage purposes in electronic archives. Int. J. Med. Inform. 74:279–287, 2005.CrossRefGoogle Scholar
  39. 39.
    Lekkas, D., and Gritzalis, D., Cumulative notarization for long-term preservation of digital signatures. Comput. Sec. 23(5):413–424, 2004.CrossRefGoogle Scholar
  40. 40.
    Yu, Y. C., Huang, T. Y., and Hou, T. W., Forward secure digital signature for electronic medical records. J. Med. Syst. 36:399–406, 2012.CrossRefGoogle Scholar
  41. 41.
    Huang, K. H., Hsieh, S. H., Chang, Y. J., Lai, F., Hsieh, S. L., and Lee, H. H., Application of portable CDA for secure clinical-document exchange. J. Med. Syst. 34:531–539, 2010.CrossRefGoogle Scholar
  42. 42.
    Digital Imaging and Communications in Medicine (DICOM) Supplement 95: Audit Trail Messages. National Electrical Manufacturers Association.
  43. 43.
    Morgan, M. B., Branstetter, B. F., Lionetti, D. M., Richardson, J. S., and Chang, P. J., The radiology digital dashboard: Effects on report turnaround time. J. Digit Imaging 21:50–58, 2008.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  • Chung-Yueh Lien
    • 1
  • Tsung-Lung Yang
    • 2
  • Chia-Hung Hsiao
    • 3
  • Tsair Kao
    • 4
    • 5
    Email author
  1. 1.OFFIS – Institute for Information TechnologyOldenburgGermany
  2. 2.Department of Teleradiology and RadiologyKaohsiung Veterans General HospitalKaohsiungTaiwan
  3. 3.Department of Medical InformaticsTzu Chi UniversityHualienTaiwan
  4. 4.Department of Biomedical EngineeringHungkuang UniversityTaichungTaiwan
  5. 5.Department of Biomedical EngineeringHungkuang UniversityTaichungTaiwan

Personalised recommendations